In Firebase, whenever I try to write to Firestore I'm getting permission errors in flutter. So I wanted to ask what signatures are you supposed to put in the settings? I'm currently using the services Firestore, Auth, and AppCheck.
I have 6 signatures in my settings:
SHA-1, SHA-256: debug.keystore
SHA-1, SHA-256: upload-keystore (is this needed?)
SHA-1, SHA-256: App signing key certificate from google console
The reason why I think it has something to do with the signatures is because I'm able to write to Firestore when I'm using AndroidProvider.debug in AppCheck. But when I make my release version using AndroidProvider.playIntegrity Firestore denies me.
Error:
E/flutter (25396): [ERROR:flutter/runtime/dart_vm_initializer.cc(41)] Unhandled Exception: [cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation.
Firestore rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if isDev();
}
function isAuth() {
return request.auth != null;
}
function isDev() {
let datalist = ['myemail#foo.com'];
return isAuth() && request.auth.token.email in datalist;
}
}
}
I'm using IntelliJ.
You should use the SHA-256 certificate fingerprint that you can find in App integrity > App signing key certificate on the Google Play Console.
I stumbled upon the same issue today, and this is my current working setup. Hope this helps!
Okay long story short, I found out the phone I was testing API 28 on had been previously rooted. The original ROM had eventually been reinstalled but I guess it still qualifies as being rooted according to AppCheck.
Related
I have connected this app with my firebase console. I am trying to upload videos from the app to firebase storage so that another app connect to same console (which has authentication) can display it
I am getting this error when I upload:
W/System (10365): Ignoring header X-Firebase-Locale because its value was null.
I went through this question(W/System: Ignoring header X-Firebase-Locale because its value was null) on stack overflow but I am unable to remove the authentication requirement still
My firebase storage rules are:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if
true;
}
}
}
I don't understand why I am still unable to upload without authentication.(App is connected to internet too and has permission)
So I am running my Flutter app locally with emulators. The firestore rules are copied from the docs:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read, update, delete: if request.auth != null && request.auth.uid == userId;
allow create: if request.auth != null;
}
}
}
After I signup the user successfully I try to create his doc like this:
UserCredential userCredential = await auth
.createUserWithEmailAndPassword(email: data.name!, password: data.password!);
await auth.currentUser!.sendEmailVerification();
DocumentReference ref = FirebaseFirestore.instance.collection("users").doc(FirebaseAuth.instance.currentUser!.uid);
await ref.set({"isOwner":false},SetOptions(merge: true));
This results in the error:
W/Firestore(17604): (24.4.0) [Firestore]: Write failed at
users/JknXHMkWb0jL4ohiW18K9h6NLyyB: Status{code=PERMISSION_DENIED,
description=Missing or insufficient permissions., cause=null}
Does it need time to get the uid? I can't think of anything else
if (Foundation.kDebugMode) {
FirebaseFirestore.instance.clearPersistence();
FirebaseFirestore.instance.useFirestoreEmulator("10.0.2.2", 8080);
}
Found this on some google group. Moving the clearPersistence line below the firestore emulator made it work. This is really non-standard behavior.
Look out as well into the debugging output of your app : the Firebase Firestore SDK outputs a debug token for you to whitelist your test device on Firebase > AppCheck > Apps.
From there, look for the 3-dots menu of the platform you're debugging onto, click it, and select "Manage debug tokens" : add the token here.
From my observations, this debug token doesn't live forever. If experience again permissions issues, try re-adding the token which you get in the debug output.
Is there a way to check if a user has recently authenticated on Firebase to avoid this message when trying to delete a user: "This operation is sensitive and requires recent authentication. Log in again before retrying this request."
I have been playing around trying to compare lastSignInDate (below) to current time but there seems to be a large margin of error on this which can cause problems:
firebase.auth().currentUser.metadata.lastSignInTime
Are there any functions that can return a simple boolean as to whether a user has recently authenticated so the user.delete() function will work properly?
Thanks so much!
The best way to do this is by checking if the response has an error, like so:
let user = Auth.auth().currentUser
user.delete { error in
if let error = error {
if (error.code == "auth/requires-recent-login") {
// The user's credentials are too old. Prompt Login screen.
}
} else {
// ...
}
}
According to Firebase Documentation, There's no other approach to this other than comparing the current date with firebase.auth().currentUser.metadata.lastSignInDate (Only if you have the Admin SDK on your app, but you most probably do not need that for enabling a user to delete themselves).
i'll publish my app on Google Play Store but in test phases (Alpha Version), i was using this rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// This rule allows anyone on the internet to view, edit, and delete
// all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// your app will lose access to your Firestore database
match /{document=**} {
// allow read, write: if request.time < timestamp.date(2020, 3, 25);
allow read, write: if request.auth.uid != null;
}
}
}
But, when the app must be published to public i can't know the best path or the best rules that my app must have.
My app have a login screen and after login screen each user have your respectives documents and collections in your document generated from sign up.
I can't got think on a form to protect my app of invasors.
It is strange that Firebase can't create user in Unity SDK out of the box.
Firebase Console was tuned (anonymous access and email/password access are enabled) and google-service.json was placed in Assets folder of Unity.
However, Firebase still won't create a user. This is the code where it always fails:
auth.SignInAnonymouslyAsync().ContinueWith(task => {
if (task.IsCompleted && !task.IsCanceled && !task.IsFaulted) {
Debug.Log("User is now signed in.");
FirebaseUser newUser = task.Result;
}
else if (task.IsFaulted || task.IsCanceled)
{
Debug.Log("User signup failed");
}
});
Why?
There are possible several reasons:
The app was run in the Editor, rather than on the device
The configuration file is not updated after you add Firebase Auth feature
The password is shorter than 6 chacters
The email address is in invalid form, e.g. abcdef#aaa
The first one is highly likely the reason why.
I have created a tutorial here, which covers the steps to create/login using firebase in Unity, hope this is helpful.